SPRING BREAK - JOIN BRAZZERS FOR FREE! - CLICK HERE
Guide - Marcus guide to staying anonymous on the web. | Page 2 | SimpCity Forums

Guide Marcus guide to staying anonymous on the web.

  • Emails and alerts are now back, you will need to visit unread threads in your Watched Threads list before new alerts are sent.

Darudestorm

Fan
May 12, 2022
2
64
325
0fya082315al84db03fa9bf467e3.png
Hey sorry if it's been asked already but if I scrape some content from an OF feed and wanna share it, could the metadata be traced back to me or something?
 
  • Like
Reactions: IncogBCA

ausugnd

Dark Lord of the Simps
Aug 28, 2022
218
3,508
1,262
0fya082315al84db03fa9bf467e3.png
Please, Log in or Register to view quotes
I had a similar worry, however unless it is hidden deep in the pixels or something in a way that I have no idea how it would be done, I can't find it.

The downloaders I use anyway, don't have much in the EXIF metadata, and nothing that would be identifiable. I ran a simple program:
Please, Log in or Register to see links and images

For a while, you drag and drop the images in, and then it scrapes away any EXIF metadata. Most pics I ran it on had 5 items, and came back with 0 at the end. But the 5 pieces of info it deleted were just generic system info.
Works on videos too, but it doesn't return a 0 remaining result as some of the encoding and resolution data always stays. Nothing identifiable.
 

jodops

Fan
May 3, 2022
10
78
329
0fya082315al84db03fa9bf467e3.png
Please, Log in or Register to view quotes

So I was considering this, based on the fact that MYM (OF competitor) already watermarks all images with both username and a userID (number), and while MYM is doing it very visibly (partially to the detriment of the images),
Please, Log in or Register to see links and images
.

So while it might not be in use yet (or we would see many more bans), it seems to me like it's more a question of when they realise this potential?
 
  • Wesmart
Reactions: hooddog

huelian2

Superfan
Mar 28, 2022
40
547
739
0fya082315al84db03fa9bf467e3.png
Please, Log in or Register to view quotes
The word you looking for is "video steganography":
Please, Log in or Register to see links and images

The concept dates back to ancient times. Spies use this a lot, like hiding info in microdots in documents. But any lossy compression that does not change quality very much is enough to destroy the data.

I did see content creators saying they were doing this on a per-customer basis to trace leakers. But if you only apply a bit of blur, compress the video a bit and reencode it with another codec, you will destroy this information. If you are paranoid, blur and compress it a lot then feed the result to an AI upscaler. This also eliminates noise in the image. Dumb steganography does generate noise in the image, which could explain why I started to see so many video files which were large yet had a lot of visual noise.

Smart steganography would be harder to see but a lot more difficult to implement. For each image they would have to create a map of where each pixel goes, to hide pixels among others of similar colours. But that is even less robust against blurring. Seam carving is yet another option to destroy this info.

Now, a visible watermark is just stupid because then you can just cover or blur the watermark. I would expect that a visible watermark is both a marketing tool to fool creators and a honeypot to make you feel safe after you destroyed it while they are tracing you some other way. Like if they are making each copy unique at the content level: rotating a bit, zooming a bit, applying some iterations of seamcarving, etc. But then again, we can mess their junction tables by doing the same kind of things. Imagine bacteria reproducing with a high mutation rate.

However, the clock is ticking for them, because there are already brothels of sex dolls getting more demand than brothels of people in the same places and there is already AI capable of generating realistic images, video and audio of people doing things and speaking. Realistic not only graphic-wise, but also physics-wise. Or unrealistic, if that is your thing (Japanese guys who like tentacles, I am looking at you). Soon any simp will be able to build his own porn and his own sex partners.
 

huelian2

Superfan
Mar 28, 2022
40
547
739
0fya082315al84db03fa9bf467e3.png
Please, Log in or Register to view quotes
Paying by mail only works in some countries. And it seems to be a trap in those countries:

Please, Log in or Register to see links and images

That thread on reddit is old, so I don't know if atomic swaps between bitcoin and monero were available back then, but, as far as I know, now they are. So now anything you can buy with bitcoin you can buy anonymously anywhere in the world, but it will cost you about 20% more in total due to slippage.
 

shallowcrack

Are you the farmer?
Jun 6, 2022
534
17,678
1,417
0fya082315al84db03fa9bf467e3.png
Regarding forensic tracing of copyright materials; what about hex editing? Is it possible for every download to be tagged individually with info tying it to the person who downloaded the file from a studio? I've encountered files that had hex data ID because no matter what I did to the file, it always reported where the file came from. I opened the file in a hex editor and found the offending text.
 

huelian2

Superfan
Mar 28, 2022
40
547
739
0fya082315al84db03fa9bf467e3.png
Please, Log in or Register to view quotes
That sounds like regular metadata. As you said it yourself, you found it. Before finding it, you detected it. If it is instead a subtle part of the content itself, the only way for you to even realise you are being traced at all is if you can compare it in detail to multiple files of other users of the same source.
 
  • Like
Reactions: shallowcrack

hanumania

Bathwater Drinker
Mar 14, 2022
78
2,743
1,242
0fya082315al84db03fa9bf467e3.png
Please, Log in or Register to view quotes


So happy to see someone not shilling for one of the big corporate VPNs (or just being ignorant about it).
As you say Mullvad and Proton are both very good, I would throw in AirVPN, a nonprofit based in Italy, run by Italian net neutrality hacktivists.
I've been using them for years and they take the stuff very very seriously.

I can't believe NordVPN is a top VPN, as they were caught not actually providing VPN services (fake vpn) and selling user data years ago. It's hard to read this stuff because they own a lot of the review services (including "trusty" outlets like PC Magazine).

keep up the good fight.
 

STONE FREE

Yare Yare Dawa ゴゴゴゴ
Mar 11, 2022
156
9,501
1,252
0fya082315al84db03fa9bf467e3.png
Greetings. Any advice for usage on mobile devices? Browser-wise, custom apks and such?
 

fang

Tier 3 Sub
Mar 11, 2022
30
301
542
0fya082315al84db03fa9bf467e3.png
Please, Log in or Register to view quotes
What are you afraid of? From who or what do you want to hide?

In general, it is advised to not use any mobile device if privacy is of upmost concern.
Not only does it show your position via triangulation of cell towers but it could also contain backdoors in common apps, example being the reverse engineering of the TT app from someone on reddit a few years back.
 

hanumania

Bathwater Drinker
Mar 14, 2022
78
2,743
1,242
0fya082315al84db03fa9bf467e3.png
Please, Log in or Register to view quotes

Duckduckgo has a good mobile browser. When in doubt use firefox. ProtonVPN for mobile is also very good and you can use their free service until you decide to pay. Don't trust any big profit vpns that don't have an open source model, I don't care how many "audits" they pay for. Audits should be conductable by the userbase.

If you have your own router and you use your mobile devices through it, try to VLAN your IoT and mobile stuff outside of the WLAN to prevent VLAN hopping and other issues.
Please, Log in or Register to see links and images
is indispensable.
 
  • Like
Reactions: Psdhart

STONE FREE

Yare Yare Dawa ゴゴゴゴ
Mar 11, 2022
156
9,501
1,252
0fya082315al84db03fa9bf467e3.png
Please, Log in or Register to view quotes

I was thinking more of a day to day use, being bombarded with ads and discovering that apps know my location even know I did not allow such things infuriates me. It's almost a tinfoil mentality, but I was wondering if there are safer measures for it
 

hanumania

Bathwater Drinker
Mar 14, 2022
78
2,743
1,242
0fya082315al84db03fa9bf467e3.png
Please, Log in or Register to view quotes

not tinfoil at all, it's common sense, and even if you don't care about privacy, what right do all these trackers and background processes have to use your device CPU and net bandwidth? if you are forced to use an iphone, use ProtonVPN, turn bluetooth OFF, use one of the aforementioned browsers, hopefully you have access to the router, but if not, a functional vpn is minimum.
 
  • Like
Reactions: STONE FREE

fang

Tier 3 Sub
Mar 11, 2022
30
301
542
0fya082315al84db03fa9bf467e3.png
To stop apps from collecting your data you should disable any and all permissions they use in the settings.
On android you can easily do that in the apps settings. Try to use f-droid apps instead of playstore ones, they are open source and care about your privacy.

You can use firefox or duckduckgo, any browser except chrome will be OK if you are afraid of chromium.

If you are annoyed by ads its good enough to set a custom dns in the connectivity settings.
The first one i found by searching "dns adblock" is "quad9".
On android you can simply go to settings, connectivity, further settings and then on "Private DNS". There You can enter e.g. "dns.quad9.net" and it should from then on automatically block every ad, sometimes even in phone games.

If you want to go even further install grapheneOS or LineageOS (aka. a custom android rom) and do not use the playstore at all.

EDIT:
I do not recommend a VPN. What does it provide for you?
If you use Instagram and look at the pictures of someone, instagram will know that, no matter VPN or not.
A VPN does not help you become anonymous if your phone is tied to you and every app you download is tied to your google account.
 

hanumania

Bathwater Drinker
Mar 14, 2022
78
2,743
1,242
0fya082315al84db03fa9bf467e3.png
Please, Log in or Register to view quotes

The list of things an actual privacy and security focused VPN provide is long.
The first one is obvious: Your ISP cannot tell what kinds of traffic you are creating, where you are going, and cannot inject packets into your sessions. For many users the latter is a very real problem.

If you are logging into Facebook or Instagram, or any of criminal Zuckerberg's products, you have lost the privacy and security battle. Simply put, Facebook\instagram users are the rapetoys of the AI industry.
If I really need to see something on instagram I'll use a scraper like img***/***sed.

"A VPN does not help you become anonymous if your phone is tied to you and every app you download is tied to your google account."" I mean, I'm not sure what you're arguing there. In any case, I don't want this to be derailed. Read Edward Snowden's tips for online privacy. One specific there involves Tor, which you should not be using without a VPN, because you don't want your ISP (or anybody else) knowing that you use Tor. It eliminates the point.
 

xavicor69

Tier 1 Sub
Dec 24, 2023
8
143
343
0fya082315al84db03fa9bf467e3.png
Great general CyberSecurity tips. Thanks.

And if I may add,
- Prepaid Credit Cards
- A burner, secondary phone number
- A paid VPN service, do not trust any Free VPNs, well worth the purchase
 
Last edited:

Crocop

Bathwater Drinker
Feb 17, 2023
145
1,674
1,259
0fya082315al84db03fa9bf467e3.png
================================================================
================================================================
DNS:
Please, Log in or Register to see links and images

Please, Log in or Register to see links and images

Please, Log in or Register to see links and images


I recommend using a good DNS like
Please, Log in or Register to see links and images
or CloudFlare (1.1.1.1 / 1.0.0.1)
================================================================
================================================================
Best Browsers:
Please, Log in or Register to see links and images


FireFox (configured), LibreWolf, Mullvad are some good recommendations.
TOR

================================================================
================================================================
VPN:
ProtonVPN
MullvadVPN
IVPN

Please, Log in or Register to see links and images

Please, Log in or Register to see links and images

================================================================
================================================================
Password Manager:
Bitwarden
1Password
ProtonPass

Please, Log in or Register to see links and images


================================================================
================================================================
Bonus - Good Guides:
Please, Log in or Register to see links and images



================================================================
:MLADY:
================================================================
 
  • Like
Reactions: Bato69

fang

Tier 3 Sub
Mar 11, 2022
30
301
542
0fya082315al84db03fa9bf467e3.png
This is a response (from a paranoid) to the post above by "Crocop".

Password Manager
They recommend "online" password managers like "Bitwarden", "1Password" or "ProtonPass".
I highly recommend against using any online password managers and instead use KeyPass XC or other Keypass versions.
Every service that hosts your passwords online can be hacked. Examples:
Never trust your passwords with other people.

VPNs
The article linked by "themarkup" is a bad comparison because it only talks about the website of the VPN service and not the VPN service itself.
Ofcourse every website is filled with trackers and google ad javascript, that's sadly how the modern internet works. But how can you rate a VPN service only by it's frontfacing website and not by its VPN?

What a good VPN is depends on your threat model / use case.
  • Scared of some random guy on the internet getting your IP? Any VPN is good enough for that, even a self hosted one (Wireguard)
  • Scared of authorities in your country? Use Mullvad
  • Scared of 3 letter agencies? Nothing can help you

Browsers
I am unsure what the "privacytests.org" website shows me.
It mentions that firefox doesn't have a "Insecure website warning", but when i go to an HTTP website it warns me that it is insecure. Does this mean the website is wrong?

What a good browser is depends on your thread model / use case again.
Brave and other chromium-based (=google) browsers help against "normal people" spam and ads.
If you are paranoid of 3 letter agencies i recommend Firefox, Librewolf, Mullvad, Tor.

One reason why chromium browsers (which google made) are less trusted: You can not be sure that they didn't put any backdoors inside it.
Google created an image format called .webp and the image format had an exploit / backdoor:
Please, Log in or Register to see links and images

By simply viewing a picture you could've been hacked, so why trust their browser engine or browsers?


DNS
Why did the linked DNS article by privacyguides say "Encrypted DNS will not help you hide any of your browsing activity."? That is wrong.
You should always use encryption wherever possible, this also includes DNS.

What a "good DNS" is depends on the use case. If you want privacy then you do not want any logging of your dns activities.
This means that, according to the website linked, only the Mullvad DNS service should be used, because it doesn't log anything.



Ofcourse all of this depends on your setup and threat model.
If you use Windows then it doesn't matter what browser you use, you are "insecure". Using a different browser won't magically make you "invisible" or unhackable. You have to combine all methods with a strict policy to be able to be "truly anonymous" for everyone.
Please explain why we should use the services you advertised next time, simply writing "VPN: <3 random VPNs>" doesn't explain why we should use these 3 VPNs or why they are good.